Skip to main content

ACTI Create Report-Indicator Associations

This Playbook is part of the Accenture CTI v2 Pack.#

Deprecated

No available replacement.

  • NOTE: This playbook is deprecated.
  • This sub-playbook makes the connections between ACTI indicators (from ACTI Indicator API) and ACTI intelligence reports (from ACTI Report API) that have pulled into an XSOAR incident via the Enrich Incidents with Indicators and Enrich Incidents with Intelligence Reports sub-playbooks.
  • This sub-playbook cannot be integrated into generic XSOAR playbooks and playbooks from other vendors by itself. It is dependent upon the Enrich Incidents with Indicators and Enrich Incidents with Intelligence Reports sub-playbooks.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

  • GetIndicatorDBotScore
  • Exists
  • CreateIndicatorRelationship

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
IPThe extracted IP address.${IP.Address}Optional
IAThe Intelligence Alert associated with the indicator.${intelligence_alerts}.NoneOptional
IRThe Intelligence Report associated with the indicator.${intelligence_reports}.NoneOptional
URLThe extracted URL.${URL.Data}Optional
DomainThe extracted Domain.${Domain.Name}Optional
MFamThe Malware Family associated with the indicator.acti_malware_family_uuid.NoneOptional
TAThe Threat Actor associated with the indicator.acti_threat_actors_uuid.NoneOptional
TGThe Threat Group associated with the indicator.acti_threat_groups_uuid.NoneOptional
TCThe Threat Campaign associated with the indicator.acti_threat_campaigns_uuid.NoneOptional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


ACTI Create Report-Indicator Associations